From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Stefan Hanreich <s.hanreich@proxmox.com>
Subject: Re: [pve-devel] [PATCH pve-manager v3 3/9] pvestatd: add network resource to status reporting
Date: Wed, 12 Nov 2025 21:51:36 +0100
Message-ID: <76e75c5f-00a7-41e4-86a7-9b7ef174d146@proxmox.com>
In-Reply-To: <20251107143201.689035-34-s.hanreich@proxmox.com>
and why is this subject prefixed with pvestatd?
It's mostly for the "api: cluster:" subsystem. Could be broken into
two though, first one adding the broadcasting to pvestatd, second
one actually using that in the cluster resource API.
Am 07.11.25 um 15:38 schrieb Stefan Hanreich:
> From: Gabriel Goller <g.goller@proxmox.com>
>
> The new network resource will act as the top-level resource for all
> networking entities (including SDN entities). The network resource
> contains a network_type field, which indicates the type of networking
> resource - similar to how the storage plugin handles different types
> of storages. For now, it contains SDN fabrics and the SDN zones have
> been copied over as well.
>
> The main reason for moving over to a new resource type is the current
> ID schema of the SDN resource, which is 'sdn/{zone_id}'. This makes it
> hard to extend without the possibility of ID collisions. Additionally,
> since the ID is used in several places throughout the backend / UI,
> changing the schema would break compatibility with nodes that are on
> an earlier version and would be an API break as well.
>
> Nodes will still broadcast the old format for backwards-compatibility
> and nodes with this patch applied support handling both formats. With
> this patch, nodes will check whether a node is sending both formats or
> only the old one, and parse the resources based on that information.
> Older nodes will drop the new network resource type, but will still be
> able to show zones, because the old format still gets broadcast. Newer
> nodes will take the information from the network store, if available,
> otherwise fall back to the SDN store.
>
> Another reason for keeping the old format around is so we do not break
> older clients, that rely on the old SDN format - removing it would be
> a breaking API change.
>
> Co-authored-by: Stefan Hanreich <s.hanreich@proxmox.com>
> Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
> Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
> ---
> PVE/API2/Cluster.pm | 101 +++++++++++++++++++++++++++++++++-------
> PVE/Service/pvestatd.pm | 27 +++++++++++
> 2 files changed, 110 insertions(+), 18 deletions(-)
>
> diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm
> index 479803960..0c779bf9b 100644
> --- a/PVE/API2/Cluster.pm
> +++ b/PVE/API2/Cluster.pm
> @@ -251,7 +251,8 @@ __PACKAGE__->register_method({
> type => {
> description => "Resource type.",
> type => 'string',
> - enum => ['node', 'storage', 'pool', 'qemu', 'lxc', 'openvz', 'sdn'],
> + enum =>
> + ['node', 'storage', 'pool', 'qemu', 'lxc', 'openvz', 'sdn', 'network'],
> },
> status => {
> description => "Resource type dependent status.",
> @@ -431,6 +432,23 @@ __PACKAGE__->register_method({
> optional => 1,
> default => 0,
> },
> + network => {
> + description => "The name of a Network entity (for type 'network').",
> + type => "string",
> + optional => 1,
> + },
> + network_type => {
> + description => "The type of network resource (for type 'network').",
> + type => "string",
> + enum => ["fabric", "zone"],
> + optional => 1,
> + },
> + protocol => {
> + description =>
> + "The protocol of a fabric (for type 'network', network_type 'fabric').",
> + type => "string",
> + optional => 1,
> + },
> },
> },
> },
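Review bot: the new 'protocol' property is a free-form string with no enum, unlike 'network_type' right above it, so the schema does not tell API consumers which values to expect. If the set of fabric protocols is closed, list it as an enum here; otherwise name the possible values in the description.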
> @@ -584,25 +602,15 @@ __PACKAGE__->register_method({
> }
>
> if (!$param->{type} || $param->{type} eq 'sdn') {
> - #add default "localnetwork" zone
> - if ($rpcenv->check($authuser, "/sdn/zones/localnetwork", ['SDN.Audit'], 1)) {
> - foreach my $node (@$nodelist) {
> - my $local_sdn = {
> - id => "sdn/$node/localnetwork",
> - sdn => 'localnetwork',
> - node => $node,
> - type => 'sdn',
> - status => 'ok',
> - };
> - push @$res, $local_sdn;
> - }
> - }
> + my $nodes = PVE::Cluster::get_node_kv("sdn");
> + my $network_nodes = PVE::Cluster::get_node_kv("network");
>
> - if ($have_sdn) {
> - my $nodes = PVE::Cluster::get_node_kv("sdn");
> + for my $node (sort keys %{$nodes}) {
> + # host is already sending the new network resource, so ignore
> + # its sdn resources
> + next if defined $network_nodes->{$node};
>
> - for my $node (sort keys %{$nodes}) {
> - my $sdns = decode_json($nodes->{$node});
> + my $sdns = decode_json($nodes->{$node});
>
> for my $id (sort keys %{$sdns}) {
> next if !$rpcenv->check($authuser, "/sdn/zones/$id", ['SDN.Audit'], 1);
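Review bot: in the 'sdn' branch, 'next if defined $network_nodes->{$node};' runs even when the caller explicitly asked for type 'sdn', so a client filtering on that type gets no zones from any node that already broadcasts the network key, and the 'sdn/$node/localnetwork' entry is no longer emitted at all. That does not match the commit message's goal of not breaking older clients that rely on the old SDN format. Consider skipping such nodes only when no type filter is given (to avoid duplicates) and keeping the localnetwork entry for type 'sdn'. The removal of the $have_sdn guard around get_node_kv("sdn") also deserves a sentence in the commit message.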
> @@ -620,6 +628,63 @@ __PACKAGE__->register_method({
> }
> }
>
> + if (!$param->{type} || $param->{type} eq 'network') {
> + my $nodes = PVE::Cluster::get_node_kv("network");
> +
> + # add default "localnetwork" zone
> + if ($rpcenv->check($authuser, "/sdn/zones/localnetwork", ['SDN.Audit'], 1)) {
> + foreach my $node (@$nodelist) {
> + my $local_sdn = {
> + id => "network/$node/zone/localnetwork",
> + type => 'network',
> + network_type => 'zone',
> + network => 'localnetwork',
> + node => $node,
> + status => 'ok',
> + };
> + push $res->@*, $local_sdn;
> + }
> + }
> +
> + for my $node (sort keys $nodes->%*) {
> + my $node_config = decode_json($nodes->{$node});
> +
> + for my $id (sort keys $node_config->%*) {
> + my $entry = $node_config->{$id};
> +
> + if ($entry->{network_type} eq 'fabric') {
> + next
> + if !$rpcenv->check_any(
> + $authuser,
> + "/sdn/fabrics/$entry->{network}",
> + ['SDN.Audit', 'SDN.Allocate'],
> + 1,
> + );
> + } elsif ($entry->{network_type} eq 'zone') {
> + next
> + if !$rpcenv->check(
> + $authuser,
> + "/sdn/zones/$entry->{network}",
> + ['SDN.Audit'],
> + 1,
> + );
> + } else {
> + # unknown type, so most likely introduced in a newer
> + # version - avoid leaking information by suppressing any
> + # unknown sdn types in the returned array.
> + next;
> + }
Might want to add a local helper looking something like
    # $authuser comes from the enclosing API handler scope
    my sub can_access_network {
        my ($rpcenv, $type, $network) = @_;

        if ($type eq 'fabric') {
            return $rpcenv->check_any($authuser, "/sdn/fabrics/${network}", ['SDN.Audit', 'SDN.Allocate'], 1);
        } elsif ($type eq 'zone') {
            return $rpcenv->check($authuser, "/sdn/zones/${network}", ['SDN.Audit'], 1);
        }
        return 0;
    }
And use that here to make it clearer what mainly happens here.
> +
> + push $res->@*,
> + {
> + "id" => "network/$node/$entry->{network_type}/$entry->{network}",
> + "node" => $node,
> + $entry->%*,
> + };
> + }
> + }
> + }
> +
> return $res;
> },
> });
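Review bot: in the final push, '$entry->%*' is spread after "id" and "node", so an "id" or "node" key in the JSON that a node broadcast overrides the values computed here, and the ACL path is likewise built from $entry->{network} rather than from the key $id. Put the spread first (or copy only the known fields) so the computed id and node win, and skip entries whose network_type or network is undefined before the 'eq' comparisons, which would otherwise warn on undef. decode_json is also called without an eval, so one node's malformed value makes the whole resources call die.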
> diff --git a/PVE/Service/pvestatd.pm b/PVE/Service/pvestatd.pm
> index 618d6139a..085bf9d61 100755
> --- a/PVE/Service/pvestatd.pm
> +++ b/PVE/Service/pvestatd.pm
> @@ -15,6 +15,7 @@ use PVE::CpuSet;
> use Filesys::Df;
> use PVE::INotify;
> use PVE::Network;
> +use PVE::RS::SDN::Fabrics;
> use PVE::NodeConfig;
> use PVE::Cluster qw(cfs_read_file);
> use PVE::Storage;
> @@ -775,6 +776,28 @@ sub update_sdn_status {
> }
> }
>
> +sub update_network_status {
> + my $network_status = {};
> +
> + my ($fabric_status) = PVE::RS::SDN::Fabrics::status();
> + for my $fabric (values $fabric_status->%*) {
> + $network_status->{"fabric/$fabric->{network}"} = $fabric;
> + }
> +
> + my ($zone_status, $vnet_status) = PVE::Network::SDN::Zones::status();
> + for my $id (sort keys $zone_status->%*) {
> + my $zone = $zone_status->{$id};
> +
> + $zone->{network_type} = 'zone';
> + $zone->{network} = $id;
> + $zone->{type} = 'network';
> +
> + $network_status->{"zone/$id"} = $zone;
> + }
> +
> + PVE::Cluster::broadcast_node_kv("network", encode_json($network_status));
> +}
> +
> my $broadcast_version_info_done = 0;
> my sub broadcast_version_info : prototype() {
> if (
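Review bot: in update_network_status the zone entries get network_type, network and type set explicitly, but the fabric entries returned by PVE::RS::SDN::Fabrics::status() are stored unchanged and are already indexed through $fabric->{network}. The API side drops every entry whose network_type is neither 'fabric' nor 'zone', so a fabric status lacking that field would vanish without any log line. Set the three fields here for fabrics as well, or add a comment stating that the Rust binding guarantees them. $vnet_status is assigned but never used in this sub.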
> @@ -840,6 +863,10 @@ sub update_status {
> $err = $@;
> syslog('err', "sdn status update error: $err") if $err;
>
> + eval { update_network_status(); };
> + $err = $@;
> + syslog('err', "network status update error: $err") if $err;
> +
> eval { broadcast_version_info(); };
> $err = $@;
> syslog('err', "version info update error: $err") if $err;
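Review bot: the single eval around update_network_status() covers both the fabric and the zone status call, so a die in PVE::RS::SDN::Fabrics::status() means no zones are broadcast under the network key for that cycle either. Consider guarding the two status calls separately inside update_network_status, so the zone part is still broadcast and the fabric failure is logged on its own.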